US11436315B2 - Forced self authentication - Google Patents

Forced self authentication

Info

Publication number
US11436315B2
Authority
US
United States
Prior art keywords
authentication
authentication program
processor
rom
computer system
Prior art date
Legal status
Active, expires
Application number
US16/541,218
Other versions
US20210049258A1 (en)
Inventor
Yuval Kirschner
Current Assignee
Nuvoton Technology Corp
Original Assignee
Nuvoton Technology Corp
Priority date
Filing date
Publication date
Application filed by Nuvoton Technology Corp
Priority to US16/541,218 (US11436315B2)
Assigned to NUVOTON TECHNOLOGY CORPORATION (assignment of assignors' interest; assignor: KIRSCHNER, YUVAL)
Priority to CN202010052436.0A
Priority to TW109103167A (TWI775041B)
Priority to JP2020071381A (JP7112449B2)
Publication of US20210049258A1
Application granted
Publication of US11436315B2
Legal status: Active
Adjusted expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30 Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/38 Concurrent instruction execution, e.g. pipeline, look ahead
    • G06F9/3802 Instruction prefetching

Definitions

  • the present invention relates generally to secure computing environments, and particularly to methods and systems for forcing a computer system to self-authenticate.
  • Computer systems typically comprise one or more Central-Processing Units (CPUs) and a memory, wherein the CPU executes software programs that are stored in the memory.
  • the computer authenticates the software that the computer executes, using cryptographic techniques.
  • An embodiment of the present invention that is described herein provides a computer system including a memory, processor and authentication enforcement hardware.
  • the processor is configured to execute software, including an authentication program, that authenticates data stored in the memory.
  • the authentication enforcement hardware is coupled to the processor and is configured to verify that (i) the processor executes the authentication program periodically with at least a specified frequency, and that (ii) the authentication program successfully authenticates the data.
  • the authentication enforcement hardware is configured to initiate a responsive action when the processor fails to execute the authentication program with at least the specified frequency. Additionally or alternatively, the authentication enforcement hardware is configured to initiate a responsive action when the authentication program fails to authenticate the data.
  • the authentication program instructs the processor to assert a signal upon successfully authenticating the data
  • the authentication enforcement hardware comprises a timer configured to verify that the signal is asserted with at least the specified frequency
  • the processor is configured to execute the authentication program from a Read-Only Memory (ROM), and the authentication enforcement hardware is configured to decide that a given run of the authentication program completed successfully only in response to verifying that the given run was executed from the ROM.
  • the authentication enforcement hardware may be configured to verify whether the given run was executed from the ROM, by detecting whether instructions of the authentication program have been fetched from the ROM.
  • a method including, using a processor, executing software including an authentication program that authenticates data stored in a memory.
  • Using authentication enforcement hardware that is coupled to the processor a verification is made that (i) the processor executes the authentication program periodically with at least a specified frequency, and that (ii) the authentication program successfully authenticates the data.
  • FIG. 1 is a block diagram that schematically illustrates a computer system with forced authentication, in accordance with an embodiment of the present invention.
  • FIG. 2 is a timing waveform that schematically illustrates the protection of the computer system of FIG. 1 when the self-authentication fails, in accordance with an embodiment of the present invention.
  • FIG. 3 is a timing waveform that schematically illustrates the protection of the computer system of FIG. 1 when the software fails to run the self-authentication software, in accordance with an embodiment of the present invention.
  • FIG. 4 is a block diagram that schematically illustrates the structure of a circuitry that forces self-authentication in a computer system, in accordance with an embodiment of the present invention.
  • Computer systems typically comprise a Random-Access Memory (RAM) that stores firmware code (FW) and data.
  • the FW may be downloaded from an external serial flash, by a Bootloader that is stored in a Read-Only-Memory (ROM), and then executed from the RAM.
  • the FW may be downloaded from a network, or from another external source, via a parallel or a serial bus, wired or wireless.
  • the Bootloader may authenticate the FW that it downloads (using cryptographic techniques such as key-based signatures) and, as ROM-code is considered safe, the downloaded FW can be trusted. However, once downloaded, the FW may run for long periods of time (e.g., months or years), sometimes for as long as the power supply to the computer system is not interrupted. Once a hacker manages to break the security of the computer system and load modified code (e.g., by glitching the power supply of a chip, by enabling a debug port, or by injecting data directly into the RAM), the modified code could run practically forever, with severe security implications (the modified FW will be referred to hereinbelow as “malicious FW” or “malicious code”).
  • Embodiments of the present invention provide methods and systems for forcing a computer system to periodically self-authenticate, decreasing the risk that a malicious FW will replace the authentic FW and run for long periods of time.
  • the FW comprises authentication functions that authenticate the memory contents or parts thereof periodically (e.g., triggered by a programmable timer); if the authentication fails, the computer system issues a Reset (or, in an embodiment, a Non-Maskable Interrupt (NMI); in another embodiment execution may halt). Thereafter, the computer system will re-boot, scrapping the FW that is stored in the RAM.
  • the computer system comprises forced-authentication circuitry (FAC), also referred to as authentication enforcement hardware, which verifies that (i) the FW runs the authentication functions periodically with sufficient frequency, and (ii) the authentications complete successfully.
  • the FW asserts an AUTHENTICATION-OK signal (typically a single bit in a register) if the authentication program completes successfully (that is, the FW or parts thereof are authenticated).
  • the FAC in this example comprises a timer that resets when AUTHENTICATION-OK is asserted and, in effect, counts time from the last successful authentication. If the timer reaches a preset threshold, the FAC forces the computer system to reboot, e.g., by issuing a Reset or an NMI.
  • the FAC is inaccessible to the software, except that the software can set the AUTHENTICATION-OK input.
  • the authentication function is stored in a ROM, and the FW invokes the authentication function periodically.
  • the FAC ignores AUTHENTICATION-OK signaling if the last instruction was not fetched from the ROM; thus, AUTHENTICATION-OK can only be accepted if indicated by the authentication function that is stored in the presumably-safe ROM.
  • embodiments according to the present invention do not necessarily authenticate the complete FW and may refer to portions of the FW, or, in general, to authentication of data in the computer system memory.
  • embodiments according to the present invention force the computer system to periodically authenticate data that is stored in the RAM (for example, the complete FW).
  • Circuitry in the computer system assures that failure to authenticate the RAM data within a preset time threshold will result in a Reset, an NMI, or otherwise stop FW execution or take other responsive action.
  • the FW cannot fake a successful authentication, because the circuitry is inaccessible to the FW, except for ROM-based FW, which can notify successful authentication.
  • FIG. 1 is a block diagram 100 that schematically illustrates a computer system 102 with forced authentication, in accordance with an embodiment of the present invention.
  • Computer system 102 comprises a CPU 104 (also referred to as a processor), which is configured to execute programs that are stored in its memory; a Read-Only-Memory (ROM) 106, which is configured to store initial boot code and other functions and data, including trusted FW functions; and a Random Access Memory (RAM) 108, which is configured to store FW code and data. ROM 106 and RAM 108 will be collectively referred to as the computer system memory.
  • Computer System 102 further comprises an External Flash Interface 110, which is configured to communicate with a Serial Flash memory 112 that may store the FW (external to the computer system).
  • Computer System 102 may optionally comprise other interfaces for downloading the FW: a Network Interface 114, configured to communicate between the computer system and a network (e.g., Ethernet) and download the FW from the network; and a Serial Bus interface 116, configured to communicate between the computer system and external devices over a serial bus (e.g., Inter-Integrated Circuit (I2C)) and download the FW over the serial bus.
  • Computer System 102 may optionally comprise other interfaces that are configured to download the FW from external sources (some examples will be given hereinbelow).
  • when computer system 102 loads a FW, the computer system authenticates the FW (or parts thereof) using, for example, cryptographic signatures.
  • the authentication program is typically stored, at least partially, in ROM 106, and if the authentication fails the computer system will not load the FW (the computer system may, for example, halt, reset, or generate a Non-Maskable Interrupt (NMI)). If the authentication is successful, CPU 104 loads the FW into RAM 108 and, thereafter, CPU 104 executes the FW from the RAM (Serial Flash 112 may be disconnected).
  • the CPU may execute the FW for long periods of time.
  • a computer system on a production floor may download a stable and mature process-control FW, and then execute it for months or years (as long as the power is not interrupted).
  • Such long periods present an opportunity for hackers to attack the computer system and change the FW, for example, by glitching the power input, by enabling a debug port or by injecting data directly into the RAM.
  • the authentication that the computer system executes before loading the FW is, therefore, inadequate on its own.
  • the FW that the computer system executes must comprise periodic authentications of RAM data, for example, once every 10 seconds (actual numbers may vary from seconds to hours, according to the desired trade-off between the performance and power spent on authentication and the security risk and recovery time).
  • the authentication rate is not fixed; instead, a maximum time between authentication runs is defined, which the computer system must not exceed.
  • computer system 102 further comprises a Forced-Authentication Circuitry (FAC) 118.
  • FAC 118 receives from CPU 104 a signal that indicates successful authentication whenever an authentication run completes successfully.
  • the FAC may comprise a timer and verify that new authentication runs are signaled by the CPU at intervals that are not longer than a preset threshold.
  • the authentication program is stored, at least partially, in ROM 106, and the FW in RAM runs authentication by invoking ROM-based functions.
  • the FAC is further configured to monitor the memory accesses of the CPU, and to block indications of successful authentication unless such indications are generated as a result of the execution of ROM-based instructions.
  • if a malicious FW does not invoke the authentication program in time, FAC 118 will detect the failure to authenticate in time.
  • the execution of the malicious FW will be terminated either by authentication failure or by failing to run the authentication within a predefined time period.
  • any or all of external flash interface 110, network interface 114 and serial bus interface 116 may be used, allowing FW download from a serial flash, and/or a network and/or a serial bus.
  • the FW may be downloaded wirelessly, through a suitable interface; in yet other embodiments the FW may be downloaded via a fast system bus, such as Peripheral Component Interconnect Express (PCIe); and, lastly, each of interfaces 110, 114, 116 may be configured to interface with a plurality of devices.
  • CPU 104 may be an aggregation of more than one CPU, of the same or of different types; and, lastly, ROM 106 and/or RAM 108 may comprise a plurality of ROM/RAM instances.
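The software half of the scheme described above (FW in RAM invoking a ROM-based routine that authenticates the RAM contents and then signals success), written out as an added example in C. This is not code from the patent or from Nuvoton. The choice of HMAC-SHA256 over the RAM image (FIPS 198-1 and FIPS 180-4, which the Background cites) keyed from a one-time-programmable key, the 32-byte tag that the bootloader appends to the image after verifying the download, and the names `IMG_LEN`, `otp_key`, `auth_ok_reg`, `auth_step` and `auth_finish` are all assumptions made for the example; the image bytes and key are constructed. The routine absorbs the image in segments so that, as the FIG. 2 discussion below allows, latency-critical FW can run from RAM between segments; only `auth_finish` writes the AUTHENTICATION-OK register, and it stays in ROM for a few NOPs afterwards so that the write is not seen by the FAC after a RAM fetch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Compact SHA-256 (FIPS 180-4) and HMAC (FIPS 198-1), included so the example runs offline. */
static const uint32_t K[64] = {
    0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
    0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
    0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
    0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
    0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
    0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
    0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
    0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 };
typedef struct { uint32_t h[8]; uint8_t buf[64]; size_t n; uint64_t total; } sha256_ctx;
static uint32_t ror(uint32_t x, int r) { return (x >> r) | (x << (32 - r)); }
static void sha256_block(uint32_t *h, const uint8_t *p) {
    uint32_t w[64], a = h[0], b = h[1], c = h[2], d = h[3], e = h[4], f = h[5], g = h[6], hh = h[7];
    for (int i = 0; i < 16; i++) w[i] = (uint32_t)p[4*i] << 24 | (uint32_t)p[4*i+1] << 16 | (uint32_t)p[4*i+2] << 8 | p[4*i+3];
    for (int i = 16; i < 64; i++)
        w[i] = w[i-16] + (ror(w[i-15], 7) ^ ror(w[i-15], 18) ^ (w[i-15] >> 3)) + w[i-7] + (ror(w[i-2], 17) ^ ror(w[i-2], 19) ^ (w[i-2] >> 10));
    for (int i = 0; i < 64; i++) {
        uint32_t t1 = hh + (ror(e, 6) ^ ror(e, 11) ^ ror(e, 25)) + ((e & f) ^ (~e & g)) + K[i] + w[i];
        uint32_t t2 = (ror(a, 2) ^ ror(a, 13) ^ ror(a, 22)) + ((a & b) ^ (a & c) ^ (b & c));
        hh = g; g = f; f = e; e = d + t1; d = c; c = b; b = a; a = t1 + t2;
    }
    h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e; h[5] += f; h[6] += g; h[7] += hh;
}
static void sha256_init(sha256_ctx *c) {
    static const uint32_t iv[8] = { 0x6a09e667,0xbb67ae85,0x3c6ef372,0xa54ff53a,0x510e527f,0x9b05688c,0x1f83d9ab,0x5be0cd19 };
    memcpy(c->h, iv, sizeof iv); c->n = 0; c->total = 0;
}
static void sha256_update(sha256_ctx *c, const uint8_t *p, size_t len) {
    c->total += len;
    while (len) {
        size_t take = 64 - c->n < len ? 64 - c->n : len;
        memcpy(c->buf + c->n, p, take); c->n += take; p += take; len -= take;
        if (c->n == 64) { sha256_block(c->h, c->buf); c->n = 0; }
    }
}
static void sha256_final(sha256_ctx *c, uint8_t out[32]) {
    uint64_t bits = c->total * 8; uint8_t pad[72] = { 0x80 };
    size_t padlen = (c->n < 56 ? 56 : 120) - c->n;                    /* 0x80 then zeros up to 56 mod 64 */
    for (int i = 0; i < 8; i++) pad[padlen + i] = (uint8_t)(bits >> (56 - 8 * i));
    sha256_update(c, pad, padlen + 8);
    for (int i = 0; i < 32; i++) out[i] = (uint8_t)(c->h[i / 4] >> (24 - 8 * (i % 4)));
}
typedef struct { sha256_ctx in, out; } hmac_ctx;
static void hmac_init(hmac_ctx *h, const uint8_t *key, size_t klen) {      /* assumes klen <= 64 */
    uint8_t ipad[64], opad[64];
    for (size_t i = 0; i < 64; i++) { uint8_t k = i < klen ? key[i] : 0; ipad[i] = k ^ 0x36; opad[i] = k ^ 0x5c; }
    sha256_init(&h->in);  sha256_update(&h->in, ipad, 64);
    sha256_init(&h->out); sha256_update(&h->out, opad, 64);
}
static void hmac_update(hmac_ctx *h, const uint8_t *p, size_t n) { sha256_update(&h->in, p, n); }
static void hmac_final(hmac_ctx *h, uint8_t tag[32]) {
    uint8_t inner[32]; sha256_final(&h->in, inner);
    sha256_update(&h->out, inner, 32); sha256_final(&h->out, tag);
}
bool hmac_kat_ok(void) {   /* known-answer check, RFC 4231 test case 2: a primitive that fails this must not be trusted */
    static const uint8_t want[32] = { 0x5b,0xdc,0xc1,0x46,0xbf,0x60,0x75,0x4e,0x6a,0x04,0x24,0x26,0x08,0x95,0x75,0xc7,
                                      0x5a,0x00,0x3f,0x08,0x9d,0x27,0x39,0x83,0x9d,0xec,0x58,0xb9,0x64,0xec,0x38,0x43 };
    hmac_ctx h; uint8_t got[32];
    hmac_init(&h, (const uint8_t *)"Jefe", 4);
    hmac_update(&h, (const uint8_t *)"what do ya want for nothing?", 28);
    hmac_final(&h, got);
    return memcmp(got, want, 32) == 0;
}

#define IMG_LEN 1000                                   /* constructed FW image size (assumption) */
static uint8_t ram_image[IMG_LEN + 32];                /* RAM: FW bytes followed by a 32-byte HMAC tag */
static const uint8_t otp_key[32] = "constructed-32-byte-OTP-key-xx!"; /* stands in for a key held in OTP */
static volatile uint32_t auth_ok_reg;                  /* stands in for the AUTHENTICATION-OK register */
typedef struct { hmac_ctx h; size_t pos; } auth_state;
/* Bootloader side (assumption): after verifying the download, seal the image under the OTP key. */
void image_install(void) {
    for (size_t i = 0; i < IMG_LEN; i++) ram_image[i] = (uint8_t)(i * 31 + 7);   /* constructed FW bytes */
    hmac_ctx h; hmac_init(&h, otp_key, 32); hmac_update(&h, ram_image, IMG_LEN); hmac_final(&h, ram_image + IMG_LEN);
}
/* Segmented run: each auth_step absorbs at most `seg` (> 0) bytes, so RAM code may run between calls. */
void auth_begin(auth_state *s) { hmac_init(&s->h, otp_key, 32); s->pos = 0; }
bool auth_step(auth_state *s, size_t seg) {            /* true once the whole image has been absorbed */
    size_t n = IMG_LEN - s->pos < seg ? IMG_LEN - s->pos : seg;
    hmac_update(&s->h, ram_image + s->pos, n); s->pos += n;
    return s->pos == IMG_LEN;
}
/* Final segment; on real hardware this function, and only this function, asserts AUTHENTICATION-OK from ROM. */
bool auth_finish(auth_state *s) {
    uint8_t tag[32], diff = 0; hmac_final(&s->h, tag);
    for (int i = 0; i < 32; i++) diff |= tag[i] ^ ram_image[IMG_LEN + i];   /* constant-time compare */
    if (diff) return false;                            /* caller requests Reset/NMI; OK is never asserted */
    auth_ok_reg = 1;                                   /* the write the FAC is waiting for */
    for (int i = 0; i < 8; i++) __asm__ __volatile__("nop");  /* drain the pipeline before leaving ROM */
    return true;
}
/* One periodic check with `seg`-byte segments; returns whether AUTHENTICATION-OK was asserted. */
bool periodic_self_check(size_t seg) {
    auth_state s; auth_begin(&s); auth_ok_reg = 0;
    while (!auth_step(&s, seg)) { /* latency-critical FW would run from RAM here */ }
    return auth_finish(&s);
}
```

A failed comparison returns without touching `auth_ok_reg`, so the FAC timer keeps counting and the reset follows whether or not the RAM code bothers to call the routine at all. Running `hmac_kat_ok` once at boot is cheap insurance: if the ROM primitive is broken, nothing it "authenticates" means anything.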
  • FIG. 2 is a timing waveform 200 that schematically illustrates the protection of a computing system when the self-authentication fails, in accordance with an embodiment of the present invention.
  • the timing waveform comprises a FW-execution waveform 202, which illustrates the varying FW execution sources; an Authentication-Results waveform 204, which indicates fail or pass of the authentication runs; a Timer waveform 206, which indicates the operation of the timer that verifies repetitive authentication runs; and a Reset waveform 208, which indicates resetting of the computer system.
  • Waveform 200 further comprises time indicators 210 and 212, which indicate start and stop, respectively, of authentication runs; a time indicator 214, which indicates the time point at which the CPU starts executing malicious code; and a time indicator 216, which indicates the resetting of the computer system, responsive to failed authentication.
  • initially, the FW executes from RAM. Then, at time indicator 210, the FW invokes an authentication program that is stored in ROM. At time indicator 212 the authentication is completed, and the FW generates an AUTHENTICATION-OK signal (that is forwarded to FAC 118 of FIG. 1).
  • the Timer measures elapsed time by incrementing repeatedly, and is reset when the FAC receives the AUTHENTICATION-OK signal. The timer never reaches the Threshold, as a new signal is always received in a timely manner.
  • the sequence comprising FW execution from RAM, followed by an authentication run from ROM and an Authentication-pass indication, repeats three times, until, at time indicator 214, the FW starts executing corrupted (malicious) code.
  • the next run of the authentication software will, therefore, result in an Authentication-Fail signal (at time indicator 216) and, consequently, a reset of the computer system.
  • FIG. 3 is a timing waveform 300 that schematically illustrates the protection of a computing system when the software fails to run the self-authentication software, in accordance with an embodiment of the present invention.
  • the waveform starts like waveform 200, and until time indicator 210 the two waveforms are identical.
  • the malicious FW that is loaded into the RAM at time indicator 214 does not invoke the authentication functions that are stored in the ROM.
  • the timer does not reset, and at time indicator 310 the timer reaches the threshold.
  • the FAC will then generate a Reset and the computer system will restart.
  • the malicious FW will either fail periodic authentication of RAM data or fail to authenticate within the preset threshold. In both cases the computer system will reset, either directly as a result of the failed authentication, or by the FAC, when the timer reaches the threshold.
  • the waveforms of the computing system that are illustrated in FIGS. 2 and 3 are example embodiments that are cited by way of example. Waveforms of computer systems in accordance with the disclosed techniques are not limited to the description hereinabove.
  • the authentication program may be broken into segments, and, between the segments, the FW may execute from the RAM (for example, in applications wherein fast response time is critical and cannot be met if the FW stops for a full authentication session).
  • in some embodiments, Reset is not generated by FAC 118; instead the FAC may stop all CPU execution; in an embodiment, the FAC generates an NMI, and in another embodiment the FAC may generate Reset if the authentication fails, and an NMI if the timer reaches the threshold.
  • FAC 118 may initiate any other suitable responsive action if (i) the authentication program is not invoked with at least the specified frequency, or (ii) a certain invocation of the authentication program does not complete with successful authentication.
  • FIG. 4 is a block diagram 400 that schematically illustrates the structure of a circuitry that forces self-authentication in a computer system (FAC), in accordance with an embodiment of the present invention.
  • CPU 104 communicates with ROM 106 and RAM 108.
  • FAC 118 is configured to monitor transactions between the CPU, ROM and RAM.
  • the FAC is also coupled to CPU 104 through an AUTHENTICATION-OK wire, used by the CPU to indicate that the authentication software completed successfully.
  • FAC 118 comprises a Timer 402, which is configured to count the time (for example, count cycles of a fixed-frequency clock signal) between receipts of AUTHENTICATION-OK indications; and a Comparator 404, which is configured to compare the time output by Timer 402 to a preset threshold, and to generate a Reset signal if the time is equal to the threshold.
  • the AUTHENTICATION-OK signal is one of the IO pins of CPU 104, and AUTHENTICATION-OK is indicated by an Output instruction of the CPU.
  • a malicious FW may attempt to fool the forced-authentication mechanism described hereinabove by periodically setting the AUTHENTICATION-OK indicator. This risk is answered by allowing the resetting of Timer 402 only if the CPU indicates AUTHENTICATION-OK as a result of executing an instruction which is stored in the ROM (which is presumed to be safe), as will be described hereinbelow.
  • FAC 118 further comprises a Gate 406; an Enable Authentication Indication Flipflop 408; a ROM-Instruction-Fetch Detector 410 and a RAM-Instruction-Fetch Detector 412.
  • Gate 406 transfers AUTHENTICATION-OK indications from CPU 104 to Timer 402 only if Enable Authentication Indication Flipflop 408 is set.
  • the Flipflop is set when ROM-Instruction-Fetch Detector 410, which monitors the CPU memory accesses, detects that the CPU fetches an instruction from the ROM, and cleared when RAM-Instruction-Fetch Detector 412 detects that the CPU fetches an instruction from the RAM.
  • the only way for Timer 402 to clear is an AUTHENTICATION-OK indication that follows an instruction fetch from ROM and precedes an instruction fetch from RAM.
  • the execution pipeline may result in delayed write operations relative to the corresponding instruction fetch and, thus, the write by which a ROM instruction asserts the AUTHENTICATION-OK indication may lag the corresponding instruction fetch by one or more instructions; if the next instruction is fetched from the RAM before the write is observed, the Flipflop will already have been cleared and resetting of the timer will be blocked.
  • the authentication software must therefore continue execution from ROM for a few cycles after asserting AUTHENTICATION-OK, until the execution pipeline empties, for example by executing a preset number of NOP instructions.
  • ROM-Instruction-Fetch Detector 410 is configured to set the “enable authentication indication” flag only in response to a fetch from the first address of the authentication routine in the ROM. Thus, malicious FW will not be able to jump to the end of the routine (the part that asserts AUTHENTICATION-OK), and the ROM routine will be fully executed.
  • As would be appreciated, the embodiment of FAC 118 that is illustrated in FIG. 4 is an example embodiment that is cited by way of example. FACs in accordance with the disclosed techniques are not limited to the description hereinabove.
  • CPU 104 indicates AUTHENTICATION-OK by writing to a memory address (pointing to an existing or to a non-existing memory).
  • FAC 118 comprises an AUTHENTICATION-OK detector, which monitors the CPU memory accesses and detects AUTHENTICATION-OK signaling; the output of the detector is then input to Gate 406 instead of the wire from CPU 104.
  • CMP 404 generates an NMI instead of Reset, and in another embodiment CMP 404 generates a HALT signal that stops the CPU.
  • a computer system that runs a FW from a RAM for long periods of time may be provided with protection against unauthorized modification of the FW.
  • the protection comprises: a) the FW must periodically authenticate data that is stored in the RAM (comprising the complete FW or parts thereof); b) the authentication software is stored, at least partially, in a ROM, and hence is relatively protected from hacking; c) a circuitry in the computer comprises a timer, and the circuitry resets, stops or interrupts the CPU if the authentication is delayed for more than a preset threshold; and d) the circuitry protects the AUTHENTICATION-OK indication from hacking by verifying that the indication was initiated by a ROM-based instruction.
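The FAC of FIG. 4 and the waveforms of FIGS. 2 and 3, as a behavioural model in C added here; it is not the patent's circuit or any Nuvoton code. The address map, the `AUTH_OK_IO` write address (the variant in which AUTHENTICATION-OK is a memory write watched by a detector), the 100-cycle threshold and the attack sequences are assumptions. The `entry_only` flag switches between the plain detector 410 (any ROM fetch sets Flipflop 408) and the refinement in which only a fetch of the routine's first address sets it; `scenario_pipeline` reproduces the pipeline-lag case, where the store that asserts AUTHENTICATION-OK reaches the bus only after later instruction fetches.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed address map; none of these values come from the patent. */
#define ROM_BASE   0x00000000u
#define ROM_SIZE   0x00004000u
#define RAM_BASE   0x20000000u
#define RAM_SIZE   0x00010000u
#define AUTH_ENTRY 0x00001000u   /* first address of the ROM authentication routine */
#define AUTH_OK_IO 0x40000000u   /* a write of 1 here is AUTHENTICATION-OK (memory-write variant) */

struct fac {
    uint32_t timer;      /* Timer 402: cycles since the last accepted AUTHENTICATION-OK */
    uint32_t threshold;  /* Comparator 404 threshold */
    bool enable;         /* Enable Authentication Indication Flipflop 408 */
    bool entry_only;     /* true: only a fetch of AUTH_ENTRY sets the flip-flop; false: any ROM fetch does */
    bool reset;          /* sticky Reset output */
};
static bool in_rom(uint32_t a) { return a - ROM_BASE < ROM_SIZE; }
static bool in_ram(uint32_t a) { return a - RAM_BASE < RAM_SIZE; }
void fac_init(struct fac *f, uint32_t threshold, bool entry_only) {
    f->timer = 0; f->threshold = threshold; f->enable = false; f->entry_only = entry_only; f->reset = false;
}
/* Detectors 410/412: every instruction fetch on the bus passes through here. */
void fac_on_fetch(struct fac *f, uint32_t addr) {
    if (in_ram(addr)) f->enable = false;
    else if (in_rom(addr) && (addr == AUTH_ENTRY || !f->entry_only)) f->enable = true;
}
/* AUTHENTICATION-OK detector plus Gate 406. Returns true if the indication reached the timer. */
bool fac_on_write(struct fac *f, uint32_t addr, uint32_t value) {
    if (addr != AUTH_OK_IO || value != 1 || !f->enable) return false;
    f->timer = 0;
    return true;
}
/* One clock of Timer 402 and Comparator 404. Returns true once Reset has been asserted. */
bool fac_tick(struct fac *f) {
    if (!f->reset && ++f->timer >= f->threshold) f->reset = true;
    return f->reset;
}

/* Honest FW (FIG. 2 before 214): runs from RAM and calls the ROM routine every `period` cycles.
 * Returns the cycle in which Reset fired, or -1 if it never did. */
int scenario_honest(uint32_t threshold, uint32_t period, uint32_t cycles) {
    struct fac f; fac_init(&f, threshold, true);
    for (uint32_t c = 0; c < cycles; c++) {
        if (c % period == period - 1) {
            fac_on_fetch(&f, AUTH_ENTRY);        /* enter the routine at its first address */
            fac_on_fetch(&f, AUTH_ENTRY + 4);    /* ... authenticate RAM contents ... */
            fac_on_write(&f, AUTH_OK_IO, 1);     /* assert AUTHENTICATION-OK from ROM */
            fac_on_fetch(&f, AUTH_ENTRY + 8);    /* NOP padding, still in ROM */
        } else {
            fac_on_fetch(&f, RAM_BASE + 4 * (c % 64));
        }
        if (fac_tick(&f)) return (int)c;
    }
    return -1;
}
/* Malicious FW in RAM (FIG. 3, and the spoofing attempt the FIG. 4 description guards against). */
enum attack { ATTACK_SILENT, ATTACK_SPOOF_FROM_RAM, ATTACK_JUMP_TO_TAIL };
int scenario_malicious(enum attack a, bool entry_only) {
    struct fac f; fac_init(&f, 100, entry_only);
    for (uint32_t c = 0; c < 1000; c++) {
        if (a == ATTACK_SPOOF_FROM_RAM) {              /* sets AUTHENTICATION-OK from RAM code */
            fac_on_fetch(&f, RAM_BASE); fac_on_write(&f, AUTH_OK_IO, 1);
        } else if (a == ATTACK_JUMP_TO_TAIL) {         /* jumps into the ROM routine past its checks */
            fac_on_fetch(&f, AUTH_ENTRY + 0x40); fac_on_write(&f, AUTH_OK_IO, 1); fac_on_fetch(&f, RAM_BASE);
        } else {                                       /* never invokes the routine at all */
            fac_on_fetch(&f, RAM_BASE);
        }
        if (fac_tick(&f)) return (int)c;
    }
    return -1;
}
/* Pipeline lag: the store that asserts AUTHENTICATION-OK reaches the bus `lag` fetches after its
 * own fetch. The routine pads with `nops` ROM fetches before returning to RAM. 1 = accepted. */
int scenario_pipeline(unsigned nops, unsigned lag) {
    struct fac f; fac_init(&f, 100, true);
    uint32_t stream[40]; unsigned n = 0;
    stream[n++] = AUTH_ENTRY; stream[n++] = AUTH_ENTRY + 4;                    /* entry, then the store */
    for (unsigned i = 0; i < nops && n < 32; i++) stream[n++] = AUTH_ENTRY + 8 + 4 * i;
    for (unsigned i = 0; i < 8; i++) stream[n++] = RAM_BASE + 4 * i;           /* back to RAM code */
    bool accepted = false;
    for (unsigned i = 0; i < n; i++) {
        fac_on_fetch(&f, stream[i]);
        if (i == 1 + lag) accepted = fac_on_write(&f, AUTH_OK_IO, 1);
    }
    return accepted;
}
int main(void) {
    printf("honest, period 40 < threshold 100: reset at %d\n", scenario_honest(100, 40, 5000));
    printf("honest but too slow, period 150:   reset at %d\n", scenario_honest(100, 150, 1000));
    printf("spoof from RAM:                    reset at %d\n", scenario_malicious(ATTACK_SPOOF_FROM_RAM, true));
    printf("jump to tail, any-ROM-fetch gate:  reset at %d\n", scenario_malicious(ATTACK_JUMP_TO_TAIL, false));
    printf("jump to tail, entry-only gate:     reset at %d\n", scenario_malicious(ATTACK_JUMP_TO_TAIL, true));
    printf("store lags 2, 0 NOPs: %d   2 NOPs: %d\n", scenario_pipeline(0, 2), scenario_pipeline(2, 2));
    return 0;
}
```

Two of the runs are the ones worth staring at. With `entry_only` false, the jump-to-tail attacker keeps the timer cleared indefinitely, because any ROM fetch opens the gate; the first-address refinement closes that hole. And with no NOP padding, a store that lags its fetch by two instructions is observed after the first RAM fetch has cleared Flipflop 408, so an honest routine that returns too early is treated exactly like an attacker.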
  • the embodiments of the computer system and the FAC that are illustrated in FIGS. 1 through 4 are example embodiments that are cited by way of example.
  • Computer systems and FACs in accordance with the disclosed techniques are not limited to the description hereinabove.
  • in some embodiments, the FW is run from an external Flash (rather than from the RAM), and it is the FW in the external Flash that needs to periodically self-authenticate.
  • RAM 108 may be static or dynamic, embedded or external.
  • CPU 104 may be any kind of microcontroller (e.g., RISC, CISC), or a plurality of processors.
  • the CPU may comprise a cache memory for frequently accessed data (and, in those embodiments, at least part of the authentication software is typically executed in a non-cached mode).
  • Computer system 102 or elements thereof may be implemented using any suitable hardware, such as in an Application-Specific Integrated Circuit (ASIC) or a protected Field-Programmable Gate Array (FPGA).
  • some or all of the elements of the controller can be implemented using software, using hardware, or using a combination of hardware and software elements.
  • CPU 104 comprises a general-purpose processor, which is programmed in software to carry out the functions described herein.
  • the software may be downloaded to the processor in electronic form, over a network, for example, or it may, alternatively or additionally, be provided and/or stored on non-transitory tangible media, such as magnetic, optical, or electronic memory.
  • ROM 106 may be emulated by other types of memories, like flash, RAM or One-Time-Programmable (OTP) memory, which include write/erase disable logic and can thus emulate a ROM that is protected from altering.

Abstract

A computer system includes a memory, a processor and authentication enforcement hardware. The processor is configured to execute software, including an authentication program that authenticates data stored in the memory. The authentication enforcement hardware is coupled to the processor and is configured to verify that (i) the processor executes the authentication program periodically with at least a specified frequency, and that (ii) the authentication program successfully authenticates the data.

Description

FIELD OF THE INVENTION
The present invention relates generally to secure computing environments, and particularly to methods and systems for forcing a computer system to self-authenticate.
BACKGROUND OF THE INVENTION
Computer systems typically comprise one or more Central-Processing Units (CPUs) and a memory, wherein the CPU executes software programs that are stored in the memory. In some computer systems, the computer authenticates the software that the computer executes, using cryptographic techniques.
Methods to verify the authenticity of the firmware (and other software or data) are described, for example in “SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES, Implementation Guidelines”, NIST-FIPS 140-2, initially released on Mar. 28, 2003; in “The Keyed-Hash Message Authentication Code”, FIPS PUB 198-1, July 2008; in “Secure Hash Standard (SHS),” NIST-FIPS 180-4, August, 2015; and in “UEFI (Unified Extensible Firmware Interface Forum) specifications,” version 2.7 (Errata A), August 2017.
SUMMARY OF THE INVENTION
An embodiment of the present invention that is described herein provides a computer system including a memory, a processor and authentication enforcement hardware. The processor is configured to execute software, including an authentication program that authenticates data stored in the memory. The authentication enforcement hardware is coupled to the processor and is configured to verify that (i) the processor executes the authentication program periodically with at least a specified frequency, and that (ii) the authentication program successfully authenticates the data.
In some embodiments, the authentication enforcement hardware is configured to initiate a responsive action when the processor fails to execute the authentication program with at least the specified frequency. Additionally or alternatively, the authentication enforcement hardware is configured to initiate a responsive action when the authentication program fails to authenticate the data.
In an embodiment, the authentication program instructs the processor to assert a signal upon successfully authenticating the data, and the authentication enforcement hardware comprises a timer configured to verify that the signal is asserted with at least the specified frequency. In another embodiment, the processor is configured to execute the authentication program from a Read-Only Memory (ROM), and the authentication enforcement hardware is configured to decide that a given run of the authentication program completed successfully only in response to verifying that the given run was executed from the ROM. The authentication enforcement hardware may be configured to verify whether the given run was executed from the ROM, by detecting whether instructions of the authentication program have been fetched from the ROM.
There is additionally provided, in accordance with an embodiment of the present invention, a method including, using a processor, executing software including an authentication program that authenticates data stored in a memory. Using authentication enforcement hardware that is coupled to the processor, a verification is made that (i) the processor executes the authentication program periodically with at least a specified frequency, and that (ii) the authentication program successfully authenticates the data.
The present invention will be more fully understood from the following detailed description of the embodiments thereof, taken together with the drawings in which:
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a block diagram that schematically illustrates a computer system with forced authentication, in accordance with an embodiment of the present invention;
FIG. 2 is a timing waveform that schematically illustrates the protection of the computer system of FIG. 1 when the self-authentication fails, in accordance with an embodiment of the present invention;
FIG. 3 is a timing waveform that schematically illustrates the protection of the computer system of FIG. 1 when the software fails to run the self-authentication software, in accordance with an embodiment of the present invention; and
FIG. 4 is a block diagram that schematically illustrates the structure of a circuitry that forces self-authentication in a computer system, in accordance with an embodiment of the present invention.
DETAILED DESCRIPTION OF EMBODIMENTS
Overview
Computer systems (and microcontrollers in particular) typically comprise a Random-Access Memory (RAM) that stores firmware code (FW) and data. For example, the FW may be downloaded from an external serial flash, by a Bootloader that is stored in a Read-Only-Memory (ROM), and then executed from the RAM. In other examples the FW may be downloaded from a network, or from another external source, via a parallel or a serial bus, wired or wireless.
The Bootloader may authenticate the FW that it downloads (using cryptographic techniques such as key-based signatures) and, as ROM code is considered safe, the downloaded FW can be trusted. However, once downloaded, the FW may run for long periods of time (e.g., months or years), sometimes for as long as the power supply to the computer system is not interrupted. Once a hacker manages to break the security of the computer system and load modified code (e.g., by glitching the power supply of a chip, by enabling a debug port, or by injecting data directly into the RAM), the modified code could run practically forever, with severe security implications (the modified FW will be referred to hereinbelow as “malicious FW” or “malicious code”).
Embodiments of the present invention that are disclosed herein provide methods and systems for forcing a computer system to periodically self-authenticate, decreasing the risk that a malicious FW will replace the authentic FW and run for long periods of time. In an embodiment, the FW comprises authentication functions that authenticate the memory contents, or parts thereof, periodically (e.g., triggered by a programmable timer); if the authentication fails, the computer system issues a Reset (or, in an embodiment, a Non-Maskable Interrupt (NMI); in another embodiment execution may halt). Thereafter, the computer system will re-boot, scrapping the FW that is stored in the RAM.
In some embodiments, the computer system comprises forced-authentication circuitry (FAC), also referred to as authentication enforcement hardware, which verifies that (i) the FW runs the authentication functions periodically with sufficient frequency, and (ii) the authentications complete successfully. In one example embodiment, the FW asserts an AUTHENTICATION-OK signal (typically a single bit in a register) if the authentication program completes successfully (that is—the FW or parts thereof is authenticated). The FAC in this example comprises a timer that resets when AUTHENTICATION-OK is asserted, and, in effect, counts time from the last successful authentication. If the timer reaches a preset threshold, the FAC forces the computer system to reboot, e.g., by issuing a Reset or an NMI.
In embodiments, the FAC is inaccessible by the software, except for setting the AUTHENTICATION-OK input by the software. In some embodiments, the authentication function is stored in a ROM, and the FW invokes the authentication function periodically. In an embodiment, to avoid a forged AUTHENTICATION-OK signaling that does not follow successful authentication, the FAC ignores AUTHENTICATION-OK signaling if the last instruction is not fetched from the ROM; thus, AUTHENTICATION-OK can only be accepted if indicated by the authentication function that is stored in the presumably-safe ROM.
Although the description hereinabove relates to authentication of the FW, embodiments according to the present invention do not necessarily authenticate the complete FW and may refer to portions of the FW, or, in general, to authentication of data in the computer system memory.
In summary, embodiments according to the present invention force the computer system to periodically authenticate data that is stored in the RAM (for example, the complete FW). Circuitry in the computer system assures that failure to authenticate the RAM data within a preset time threshold will result in a Reset, an NMI, or otherwise stop FW execution or take other responsive action. The FW cannot fake a successful authentication, because the circuitry is inaccessible to the FW, except for ROM-based FW, which can notify successful authentication. User software performance is not affected by the added mechanism, except for the periodic invocations of the authentication function.
System Description
We present herein several examples of a computer system and elements thereof, according to embodiments of the present invention. It should be emphasized that the examples in no way limit the scope of the invention.
FIG. 1 is a block diagram 100 that schematically illustrates a computer system 102 with forced authentication, in accordance with an embodiment of the present invention.
Computer system 102 comprises a CPU 104 (also referred to as a processor), which is configured to execute programs that are stored in its memory; a Read-Only-Memory (ROM) 106, which is configured to store initial boot code and other functions and data, including trusted FW functions; and a Random Access Memory (RAM) 108, which is configured to store FW code and data. ROM 106 and RAM 108 will be collectively referred to as the computer system memory.
To download the FW, computer system 102 further comprises an External Flash Interface 110, which is configured to communicate with a Serial Flash memory 112 (external to the computer system) that may store the FW. Computer system 102 may optionally comprise other interfaces for downloading the FW: a Network Interface 114, configured to communicate between the computer system and a network (e.g., Ethernet) and download the FW from the network; and a Serial Bus Interface 116, configured to communicate between the computer system and external devices over a serial bus (e.g., Inter-Integrated Circuit (I2C)) and download the FW over the serial bus. Computer system 102 may optionally comprise other interfaces that are configured to download the FW from external sources (some examples will be given hereinbelow).
According to embodiments of the present invention, when computer system 102 loads a FW, the computer system authenticates the FW (or parts thereof) using, for example, cryptographic signatures. The authentication program is typically stored, at least partially, in ROM 106, and if the authentication fails the computer system will not load the FW (the computer system may, for example, halt, reset, or generate a Non-Maskable Interrupt (NMI)). If the authentication is successful, CPU 104 loads the FW in RAM 108 and, thereafter, CPU 104 executes the FW from the RAM (Serial Flash 112 may be disconnected).
In some applications of the computer system, the CPU may execute the FW for long periods of time. For example, a computer system on a production floor may download a stable and mature process-control FW, and then execute it for months or years (as long as the power is not interrupted). Such long periods present an opportunity for hackers to attack the computer system and change the FW, for example by glitching the power input, by enabling a debug port or by injecting data directly into the RAM. The authentication that the computer system executes before loading the FW is, therefore, inadequate on its own.
To mitigate this risk, according to embodiments of the present invention, FW that the computer system executes must comprise periodic authentications of RAM data, for example once every 10 seconds (actual numbers may vary from seconds to hours, according to the desired trade-off between the performance and power spent on authentication and the security risk and recovery time). In some embodiments the authentication rate is not fixed; instead, a maximum time between authentication runs that the computer system must execute is defined.
However, a hacker can disable the periodic authentication and thus allow a malicious FW to run for long periods of time. To mitigate this risk, computer system 102 further comprises a Forced-Authentication Circuitry (FAC) 118. FAC 118 receives from CPU 104 a signal that indicates successful authentication whenever an authentication run completes successfully. The FAC may comprise a timer and verify that new authentication runs are signaled by the CPU at intervals that are not longer than a preset threshold.
According to the example embodiment described with reference to FIG. 1, the authentication program is stored, at least partially, in ROM 106, and the FW in RAM runs authentication by invoking ROM based functions. The FAC is further configured to monitor the memory accesses of the CPU, and to block indications of successful authentication unless such indications are generated as a result of the execution of ROM-based instructions. Thus, a hacker cannot fake successful authentication runs, and FAC 118 will detect failure to authenticate in time. The execution of the malicious FW will be terminated either by authentication failure or by failing to run the authentication in a predefined time period.
As would be appreciated, the embodiment of computing system 102 that is illustrated in FIG. 1 is an example embodiment that is cited by way of example. Computing systems in accordance with the disclosed techniques are not limited to the description hereinabove. In alternative embodiments, for example, any or all of external flash interface 110, network interface 114 and serial bus interface 116 may be used, allowing FW download from a serial flash, and/or a network, and/or a serial bus. In some embodiments the FW may be downloaded wirelessly, through a suitable interface; in yet other embodiments the FW may be downloaded via a fast system bus, such as Peripheral Component Interconnect Express (PCIe); and, lastly, each of interfaces 110, 114, 116 may be configured to interface with a plurality of devices.
In embodiments, CPU 104 may be an aggregation of more than one CPU, of the same or of different types; and, lastly, ROM 106 and/or RAM 108 may comprise a plurality of ROM/RAM instances.
FIG. 2 is a timing waveform 200 that schematically illustrates the protection of a computing system, when the self-authentication fails, in accordance with an embodiment of the present invention. The timing waveform comprises a FW-execution waveform 202, which illustrates the varying FW execution sources; an Authentication-Results waveform 204, which indicates fail or pass of the authentication runs; a Timer waveform 206, which indicates the operation of the timer that verifies repetitive authentication runs; and, a Reset waveform 208, which indicates resetting of the computer system.
Waveform 200 further comprises time indicators: time indicators 210 and 212, which indicate the start and stop, respectively, of authentication runs; a time indicator 214, which indicates the time point at which the CPU starts executing malicious code; and a time indicator 216, which indicates the resetting of the computer system, responsive to the failed authentication.
Initially, the FW executes from RAM. Then, at time indicator 210, the FW invokes an authentication program that is stored in ROM. At time indicator 212 the authentication is completed, and the FW generates an Authentication-OK signal (that is forwarded to FAC 118, of FIG. 1).
The Timer measures elapsed time by repeatedly incrementing and resets when the FAC receives the AUTHENTICATION-OK signal. The timer never reaches the Threshold, as a new signal is always received in a timely manner.
The sequence comprising FW execution from RAM followed by Authentication run from ROM and an Authentication-pass indicator repeats three times, until, at time indicator 214, the FW starts executing a corrupted (malicious) code. The next run of the authentication software will, therefore, result in an Authentication Fail signal (at time-indicator 216), and, consequently, a reset of the computer system.
FIG. 3 is a timing waveform 300 that schematically illustrates the protection of a computing system, when the software fails to run the self-authentication software, in accordance with an embodiment of the present invention.
The waveform starts like waveform 200, and until time indicator 210 the two waveforms are identical. However, the malicious FW that is loaded into the RAM at time indicator 214 does not invoke the authentication functions that are stored in the ROM. As a result, no AUTHENTICATION-OK indications are generated, the timer does not reset, and at time indicator 310 the timer reaches the threshold. The FAC will then generate a Reset and the computer system will restart.
In summary, according to the example embodiments described with reference to FIGS. 2 and 3, if the FW that is loaded at time indicator 214 is not authentic, the FW will either fail the periodic authentication of the RAM data or fail to authenticate within the preset threshold. In both cases the computer system will reset, either directly as a result of the failed authentication, or by the FAC, when the timer reaches the threshold.
As would be appreciated, the waveforms of the computing system that are illustrated in FIGS. 2 and 3 are example embodiments that are cited by way of example. Waveforms of computer systems in accordance with the disclosed techniques are not limited to the description hereinabove. In alternative embodiments, for example, the authentication program may be broken into segments, and, between the segments, the FW may execute from the RAM (for example, in applications wherein a fast response time is critical and cannot be met if the FW stops for a full authentication session). In other embodiments, Reset is not generated by FAC 118; instead the FAC may stop all CPU execution; in an embodiment, the FAC generates an NMI, and in another embodiment the FAC may generate a Reset if the authentication fails and an NMI if the timer reaches the threshold.
Further, additionally or alternatively, FAC 118 may initiate any other suitable responsive action if (i) the authentication program is not invoked with at least the specified frequency, or (ii) if a certain invocation of the authentication program does not complete with successful authentication.
FIG. 4 is a block diagram 400 that schematically illustrates the structure of a circuitry that forces self-authentication in a computer system (FAC), in accordance with an embodiment of the present invention. CPU 104 communicates with ROM 106 and RAM 108. FAC 118 is configured to monitor transactions between the CPU, ROM and RAM. The FAC is also coupled to CPU 104 through an AUTHENTICATION-OK wire, used by the CPU to indicate that the authentication software completed successfully.
FAC 118 comprises a timer 402, which is configured to count the time (for example, count cycles of a fixed-frequency clock signal) between receipt of AUTHENTICATION-OK indications; and a Comparator 404, which is configured to compare the time output by Timer 402 to a preset threshold, and to generate a Reset signal if the time is equal to the threshold. In the example embodiment of FIG. 4, the AUTHENTICATION-OK signal is one of the IO pins of CPU 104, and AUTHENTICATION-OK is indicated by an Output instruction of the CPU.
A malicious FW may attempt to fool the forced-authentication mechanism described hereinabove by periodically setting the AUTHENTICATION-OK indicator. This risk is answered by allowing the resetting of Timer 402 only if the CPU indicates AUTHENTICATION-OK as a result of executing an instruction which is stored in the ROM (which is presumed to be safe), as will be described hereinbelow.
FAC 118 further comprises a Gate 406; an Enable Authentication Indication Flipflop 408; a ROM-Instruction-Fetch Detector 410 and a RAM-Instruction-Fetch Detector 412. Gate 406 transfers AUTHENTICATION-OK indications from CPU 104 to Timer 402 only if Enable Authentication Indication Flipflop 408 is set. The Flipflop is set when ROM-Instruction-Fetch Detector 410, which monitors the CPU memory accesses, detects that the CPU fetches an instruction from the ROM, and cleared when RAM-Instruction-Fetch Detector 412 detects that the CPU fetches an instruction from the RAM. Thus, the only way for Timer 402 to clear is an AUTHENTICATION-OK indication that follows an instruction fetch from ROM and precedes an instruction fetch from RAM.
In some embodiments of computer system 102, the execution pipeline may result in delayed write operations relative to the corresponding instruction fetch and, thus, a ROM instruction that asserts the AUTHENTICATION-OK indication may lag the corresponding instruction fetch by one or more instructions, and, if the next instruction is executed from the RAM, resetting of the timer may be blocked. In those embodiments, the authentication software must continue execution from ROM for a few cycles, until the execution pipeline empties, for example, executing a preset number of NOP instructions.
In an alternative embodiment, ROM-Instruction-Fetch Detector 410 is configured to set the Enable Authentication Indication flag only responsive to a fetch from the first address of the authentication routine in the ROM. Thus, malicious FW will not be able to jump to the end of the routine (asserting AUTHENTICATION-OK), and the ROM routine will be fully executed.
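The gating described with reference to FIG. 4, the two failure cases of FIGS. 2 and 3, and the entry-address variant above can be exercised in a small cycle-level model. The following C program is an added example written for this page; it is not code from the patent or from Nuvoton. It assumes a memory map in which ROM lies below address 0x8000 and RAM above it, an authentication routine whose first address is 0x0100, a Comparator 404 threshold of 20 model cycles, the alternative responsive action in which a failed run causes an immediate Reset, and a constructed instruction trace in which each cycle is a fetch address plus an optional AUTHENTICATION-OK or failure indication. All of these are assumptions of the model, not values taken from the description.

```c
/* Added example (not code from the patent or from Nuvoton): a cycle-level C model
 * of FAC 118 as drawn in FIG. 4 (Gate 406, Flipflop 408, fetch detectors 410/412,
 * Timer 402, Comparator 404), driven by constructed instruction traces. The memory
 * map, threshold, routine addresses and trace format are assumptions of the model. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RAM_BASE     0x8000u /* assumed: fetches below this address come from ROM */
#define AUTH_ENTRY   0x0100u /* assumed first address of the ROM authentication routine */
#define AUTH_TIMEOUT 20u     /* assumed Comparator 404 threshold, in model cycles */
#define MAX_STEPS    256

/* One trace cycle: the CPU fetches at pc; that instruction may assert AUTH-OK or fail. */
typedef struct { uint32_t pc; bool auth_ok; bool auth_fail; } step_t;
typedef struct { step_t s[MAX_STEPS]; size_t n; } trace_t;
typedef enum { RUNNING = 0, RESET_TIMEOUT = 1, RESET_AUTH_FAIL = 2 } fac_result_t;
/* timer: Timer 402. enable_ff: Flipflop 408. require_entry: entry-address variant. */
typedef struct { uint32_t timer; bool enable_ff; bool require_entry; } fac_t;

size_t fac_last_cycle; /* 1-based cycle at which the last run_trace() stopped */

static fac_result_t fac_step(fac_t *f, const step_t *s)     /* one FAC clock cycle */
{
    if (s->pc < RAM_BASE) {                 /* ROM-Instruction-Fetch Detector 410 */
        if (!f->require_entry || s->pc == AUTH_ENTRY) f->enable_ff = true;
    } else f->enable_ff = false;            /* RAM-Instruction-Fetch Detector 412 */
    if (s->auth_fail && f->enable_ff) return RESET_AUTH_FAIL; /* responsive action */
    /* Gate 406: AUTH-OK clears Timer 402 only while Flipflop 408 is set */
    f->timer = (s->auth_ok && f->enable_ff) ? 0 : f->timer + 1;
    return f->timer >= AUTH_TIMEOUT ? RESET_TIMEOUT : RUNNING;   /* Comparator 404 */
}

static fac_result_t run_trace(const trace_t *t, bool require_entry)
{
    fac_t f = { 0, false, require_entry };
    for (size_t i = 0; i < t->n; i++) {
        fac_result_t r = fac_step(&f, &t->s[i]);
        if (r != RUNNING) { fac_last_cycle = i + 1; return r; }
    }
    fac_last_cycle = t->n;
    return RUNNING;
}

static void emit(trace_t *t, uint32_t pc, bool ok, bool fail)
{ if (t->n < MAX_STEPS) t->s[t->n++] = (step_t){ pc, ok, fail }; }

static void fw_from_ram(trace_t *t, unsigned cycles)          /* FW executing from RAM */
{ for (unsigned i = 0; i < cycles; i++) emit(t, RAM_BASE + 4u * i, false, false); }

/* Routine tail: the Output instruction (AUTH-OK or failure), then two NOPs in ROM. */
static void auth_tail(trace_t *t, bool pass)
{
    emit(t, AUTH_ENTRY + 16u, pass, !pass);
    emit(t, AUTH_ENTRY + 20u, false, false);
    emit(t, AUTH_ENTRY + 24u, false, false);
}

static void auth_from_rom(trace_t *t, bool pass)       /* full run: entry, body, tail */
{ for (unsigned i = 0; i < 4; i++) emit(t, AUTH_ENTRY + 4u * i, false, false); auth_tail(t, pass); }

static void good_period(trace_t *t) { fw_from_ram(t, 10); auth_from_rom(t, true); }

/* Honest FW: a full ROM run every 16 cycles, under the 20-cycle threshold. */
fac_result_t scenario_legit(void)
{ trace_t t = {0}; for (int r = 0; r < 4; r++) good_period(&t); return run_trace(&t, false); }

/* FIG. 2: the RAM image is corrupted after one good period; the next run fails. */
fac_result_t scenario_auth_fails(void)
{ trace_t t = {0}; good_period(&t); fw_from_ram(&t, 10); auth_from_rom(&t, false); return run_trace(&t, false); }

/* FIG. 3: malicious FW never invokes the ROM routine, so Timer 402 expires. */
fac_result_t scenario_skips_auth(void)
{ trace_t t = {0}; good_period(&t); fw_from_ram(&t, 40); return run_trace(&t, false); }

/* Malicious FW writes AUTH-OK from RAM every few cycles: Gate 406 blocks each one. */
fac_result_t scenario_forged_from_ram(void)
{
    trace_t t = {0}; good_period(&t);
    for (int r = 0; r < 8; r++) { fw_from_ram(&t, 5); emit(&t, RAM_BASE + 0x1000u, true, false); }
    return run_trace(&t, false);
}

/* Malicious FW jumps straight to the routine's tail in ROM, skipping the check:
 * the base design accepts that AUTH-OK, the entry-address variant does not. */
fac_result_t scenario_jump_to_tail(bool require_entry)
{
    trace_t t = {0}; good_period(&t);
    for (int r = 0; r < 8; r++) { fw_from_ram(&t, 5); auth_tail(&t, true); }
    return run_trace(&t, require_entry);
}

int main(void)
{
    static const char *name[] = { "running", "reset: timer reached threshold", "reset: authentication failed" };
#define REPORT(label, call) do { fac_result_t r = (call); printf("%-21s %s (cycle %zu)\n", label, name[r], fac_last_cycle); } while (0)
    REPORT("honest FW:", scenario_legit());
    REPORT("auth fails:", scenario_auth_fails());
    REPORT("auth skipped:", scenario_skips_auth());
    REPORT("AUTH-OK from RAM:", scenario_forged_from_ram());
    REPORT("jump to tail, base:", scenario_jump_to_tail(false));
    REPORT("jump to tail, entry:", scenario_jump_to_tail(true));
    return 0;
}
```

Build with any C99 compiler (for example `cc -std=c99 model.c`, the file name being arbitrary). The two forgery scenarios are the instructive ones: writing AUTHENTICATION-OK from RAM is blocked because Flipflop 408 was cleared by the preceding RAM fetch, whereas jumping directly to the Output instruction in ROM is accepted by the base FIG. 4 design and rejected only by the variant that sets the flipflop on a fetch of the routine's first address. The model advances the detectors, the gate and the timer in the same cycle, so it does not reproduce the pipeline lag discussed above; the two trailing NOPs in auth_tail mark where that lag would have to be absorbed in a real design.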
As would be appreciated, the embodiment of FAC 118 that is illustrated in FIG. 4 is an example embodiment that is cited by way of example. FACs in accordance with the disclosed techniques are not limited to the description hereinabove. In alternative embodiments, for example, CPU 104 indicates AUTHENTICATION-OK by writing to a memory address (pointing to an existing or to a non-existing memory). In such embodiments, FAC 118 comprises an AUTHENTICATION-OK-detector, which monitors the CPU memory accesses and detects AUTHENTICATION-OK signaling; the output of the detector is then input to gate 406 instead of the wire from CPU 104. In an embodiment, CMP 404 generates NMI instead of Reset, and in another embodiment CMP 404 generates a HALT signal that stops the CPU.
Thus, according to embodiments of the present invention that were presented hereinabove, a computer system that runs a FW from a RAM for long periods of time may be provided with protection against unauthorized modification of the FW. The protection comprises: a) the FW must periodically authenticate data that is stored in the RAM (comprising the complete FW or parts thereof); b) the authentication software is stored, at least partially, in a ROM, and hence is relatively protected from hacking; c) circuitry in the computer comprises a timer, and the circuitry resets, stops or interrupts the CPU if the authentication is delayed for more than a preset threshold; and d) the circuitry protects the AUTHENTICATION-OK indication from hacking by verifying that the indication was initiated by a ROM-based instruction.
As would be appreciated, the embodiments of the computer system and the FAC that are illustrated in FIGS. 1 through 4 are example embodiments that are cited by way of example. Computer systems and FACs in accordance with the disclosed techniques are not limited to the description hereinabove. In alternative embodiments, for example, the FW is run from an external Flash (rather than from the RAM) that needs to periodically self-authenticate. RAM 108 may be static or dynamic, embedded or external. CPU 104 may be any kind of microcontroller (e.g., RISC, CISC), or a plurality of processors.
In some embodiments according to the present invention, the CPU may comprise a cache memory for frequently accessed data (and, in those embodiments, at least part of the authentication software is typically executed in a non-cached mode).
Computer system 102, or elements thereof, may be implemented using any suitable hardware, such as an Application-Specific Integrated Circuit (ASIC) or a protected Field-Programmable Gate Array (FPGA). In some embodiments, some or all of the elements of computer system 102 can be implemented using software, using hardware, or using a combination of hardware and software elements.
Typically, CPU 104 comprises a general-purpose processor, which is programmed in software to carry out the functions described herein. The software may be downloaded to the processor in electronic form, over a network, for example, or it may, alternatively or additionally be provided and/or stored on non-transitory tangible media, such as magnetic, optical, or electronic memory.
ROM 106 may be emulated by other types of memories, like flash, RAM or One-Time-Programming memory (OTP), which include write/erase disable logic, and can thus emulate a ROM that is protected from altering.
It will thus be appreciated that the embodiments described above are cited by way of example, and that the present invention is not limited to what has been particularly shown and described hereinabove. Rather, the scope of the present invention includes both combinations and sub-combinations of the various features described hereinabove, as well as variations and modifications thereof which would occur to persons skilled in the art upon reading the foregoing description and which are not disclosed in the prior art. Documents incorporated by reference in the present patent application are to be considered an integral part of the application, except that to the extent any terms are defined in these incorporated documents in a manner that conflicts with the definitions made explicitly or implicitly in the present specification, only the definitions in the present specification should be considered.

Claims (12)

The invention claimed is:
1. A computer system, comprising:
a memory;
a processor, configured to execute software, including an authentication program that authenticates data stored in the memory; and
authentication enforcement hardware, which is coupled to the processor and is configured to verify: (i) that the processor executes the authentication program periodically with at least a specified frequency, and, (ii) that the authentication program successfully authenticates the data within at least a predetermined time period.
2. The computer system according to claim 1, wherein the authentication enforcement hardware is configured to initiate a responsive action when the processor fails to execute the authentication program within at least the predetermined time period.
3. The computer system according to claim 1, wherein the authentication enforcement hardware is configured to initiate a responsive action when the authentication program fails to authenticate the data.
4. The computer system according to claim 1, wherein the authentication program instructs the processor to assert a signal upon successfully authenticating the data, and wherein the authentication enforcement hardware comprises a timer configured to verify that the signal is asserted within at least the predetermined time period.
5. The computer system according to claim 1, wherein the processor is configured to execute the authentication program from a Read-Only Memory (ROM), and wherein the authentication enforcement hardware is configured to decide that a given run of the authentication program completed successfully only in response to verifying that the given run was executed from the ROM.
6. The computer system according to claim 5, wherein the authentication enforcement hardware is configured to verify whether the given run was executed from the ROM, by detecting whether instructions of the authentication program have been fetched from the ROM.
7. A method, comprising:
using a processor, executing software, including an authentication program that authenticates data stored in a memory; and
using authentication enforcement hardware that is coupled to the processor, verifying (i) that the processor executes the authentication program periodically with at least a specified frequency, and, (ii) that the authentication program successfully authenticates the data within at least a predetermined time period.
8. The method according to claim 7, and comprising initiating a responsive action by the authentication enforcement hardware when the processor fails to execute the authentication program within at least the predetermined time period.
9. The method according to claim 7, and comprising initiating a responsive action by the authentication enforcement hardware when the authentication program fails to authenticate the data.
10. The method according to claim 7, wherein the authentication program instructs the processor to assert a signal upon successfully authenticating the data, and wherein verifying that the processor executes the authentication program within at least the predetermined time period comprises verifying, using a timer in the authentication enforcement hardware, that the signal is asserted within at least the predetermined time period.
11. The method according to claim 7, wherein executing the software comprises executing the authentication program from a Read-Only Memory (ROM), and wherein verifying that the authentication program successfully authenticates the data comprises deciding that a given run of the authentication program completed successfully only in response to verifying that the given run was executed from the ROM.
12. The method according to claim 11, wherein verifying that the given run was executed from the ROM comprises detecting whether instructions of the authentication program have been fetched from the ROM.

Priority Applications (4)

Application Number Priority Date Filing Date Title
US16/541,218 US11436315B2 (en) 2019-08-15 2019-08-15 Forced self authentication
CN202010052436.0A CN112395587A (en) 2019-08-15 2020-01-17 Computer system and forced self-authentication method
TW109103167A TWI775041B (en) 2019-08-15 2020-02-03 Computer system with forced self authentication and method of forced self authentication
JP2020071381A JP7112449B2 (en) 2019-08-15 2020-04-11 Computer system with forced self-authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US16/541,218 US11436315B2 (en) 2019-08-15 2019-08-15 Forced self authentication

Publications (2)

Publication Number Publication Date
US20210049258A1 US20210049258A1 (en) 2021-02-18
US11436315B2 US11436315B2 (en) 2022-09-06

Family

ID=74568363

Family Applications (1)

Application Number Title Priority Date Filing Date
US16/541,218 Active 2040-08-31 US11436315B2 (en) 2019-08-15 2019-08-15 Forced self authentication

Country Status (4)

Country Link
US (1) US11436315B2 (en)
JP (1) JP7112449B2 (en)
CN (1) CN112395587A (en)
TW (1) TWI775041B (en)

US10452582B2 (en) 2015-06-08 2019-10-22 Nuvoton Technology Corporation Secure access to peripheral devices over a bus

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3501129B2 (en) * 2001-02-09 2004-03-02 株式会社三洋物産 Control device
US7206933B2 (en) * 2001-07-09 2007-04-17 Advanced Micro Devices, Inc. Software modem with privileged mode driver authentication
JP2003162511A (en) * 2001-11-22 2003-06-06 Seiko Epson Corp Authentication system, pen-type input device and authentication processing program
EP1429224A1 (en) * 2002-12-10 2004-06-16 Texas Instruments Incorporated Firmware run-time authentication
EP1659472A1 (en) * 2004-11-22 2006-05-24 Research In Motion Limited Method and Device for Authenticating Software
US20060156008A1 (en) * 2005-01-12 2006-07-13 Microsoft Corporation Last line of defense ensuring and enforcing sufficiently valid/current code
JP5543949B2 (en) * 2011-09-21 2014-07-09 株式会社東芝 Control device and monitor program
TWI467408B (en) * 2011-11-15 2015-01-01 Mstar Semiconductor Inc Embedded devices and control methods thereof
CN105117314B (en) * 2015-07-07 2017-07-11 福州瑞芯微电子股份有限公司 The verification method and system of a kind of Memory modules
US10346605B2 (en) * 2016-06-28 2019-07-09 Paypal, Inc. Visual data processing of response images for authentication
JP6584487B2 (en) * 2017-12-20 2019-10-02 キヤノン株式会社 Information processing apparatus, control method thereof, and program

Patent Citations (53)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5740404A (en) 1993-09-27 1998-04-14 Hitachi America Limited Digital signal processor with on-chip select decoder and wait state generator
US5713006A (en) 1995-03-15 1998-01-27 Texas Instruments Incorporated Electronic device and method for selective enabling of access to configuration registers used by a memory controller
US6289408B1 (en) 1995-05-08 2001-09-11 Apple Computer, Inc. Bus interface with address mask register for transferring selected data from one bus to another
US5696994A (en) 1995-05-26 1997-12-09 National Semiconductor Corporation Serial interface having control circuits for enabling or disabling N-channel or P-channel transistors to allow for operation in two different transfer modes
US5713306A (en) 1995-09-26 1998-02-03 Johnson; Arnold B. Feline playground system
US6088450A (en) 1996-04-17 2000-07-11 Intel Corporation Authentication system based on periodic challenge/response protocol
US6026293A (en) * 1996-09-05 2000-02-15 Ericsson Inc. System for preventing electronic memory tampering
US6049876A (en) 1998-02-09 2000-04-11 Motorola, Inc. Data processing system and method which detect unauthorized memory accesses
US6510522B1 (en) 1998-11-20 2003-01-21 Compaq Information Technologies Group, L.P. Apparatus and method for providing access security to a device coupled upon a two-wire bidirectional bus
US7155615B1 (en) 2000-06-30 2006-12-26 Intel Corporation Method and apparatus for providing a secure-private partition on a hard disk drive of a computer system via IDE controller
US20020087872A1 (en) 2000-12-29 2002-07-04 Wells Steven E. Integrated circuit chip having firmware and hardware security primitive device(s)
US7065654B1 (en) 2001-05-10 2006-06-20 Advanced Micro Devices, Inc. Secure execution box
US6832317B1 (en) 2001-05-10 2004-12-14 Advanced Micro Devices, Inc. Personal computer security mechanism
US20030061494A1 (en) 2001-09-26 2003-03-27 Girard Luke E. Method and system for protecting data on a pc platform using bulk non-volatile storage
US20040081079A1 (en) 2002-04-16 2004-04-29 Robert Bosch Gmbh Method for monitoring a communication media access schedule of a communication controller of a communication system
US7205883B2 (en) 2002-10-07 2007-04-17 Safenet, Inc. Tamper detection and secure power failure recovery circuit
US20080177994A1 (en) 2003-01-12 2008-07-24 Yaron Mayer System and method for improving the efficiency, comfort, and/or reliability in Operating Systems, such as for example Windows
US20040268138A1 (en) 2003-06-12 2004-12-30 Larson Thane M. Inter integrated circuit bus router
US20040255071A1 (en) 2003-06-12 2004-12-16 Larson Thane M. Inter-integrated circuit bus router for providing increased security
US20050021968A1 (en) 2003-06-25 2005-01-27 Zimmer Vincent J. Method for performing a trusted firmware/bios update
US20050132186A1 (en) 2003-12-11 2005-06-16 Khan Moinul H. Method and apparatus for a trust processor
US7664836B2 (en) 2004-02-17 2010-02-16 Zhe Khi Pak Device and method for booting an operation system for a computer from a passive directly attached network device
US20050204162A1 (en) 2004-03-09 2005-09-15 Rayes Mark A. Isolation approach for network users associated with elevated risk
US7496929B2 (en) 2004-05-28 2009-02-24 Intel Corporation Performance of operations on a hardware resource through integral interpretive execution
US20060059360A1 (en) 2004-07-01 2006-03-16 Ortkiese Jerry B Authenticating controller
US20060107032A1 (en) 2004-11-17 2006-05-18 Paaske Timothy R Secure code execution using external memory
US20150026426A1 (en) 2005-06-30 2015-01-22 Ravi L. Sahita System and method for high performance secure access to a trusted platform module on a hardware virtualization platform
US20070109015A1 (en) 2005-11-15 2007-05-17 Alcatel Switched integrated circuit connection architectures and techniques
US20080276302A1 (en) 2005-12-13 2008-11-06 Yoggie Security Systems Ltd. System and Method for Providing Data and Device Security Between External and Host Devices
US20170206034A1 (en) 2006-05-17 2017-07-20 Richard Fetik Secure Application Acceleration System, Methods and Apparatus
US20080282017A1 (en) 2007-05-09 2008-11-13 Microsoft Corporation Serial Peripheral Interface Switch
US7797115B2 (en) 2007-08-13 2010-09-14 Nuvoton Technology Corporation Time interval measurement for capacitive detection
US20100037321A1 (en) 2008-08-04 2010-02-11 Yoggie Security Systems Ltd. Systems and Methods for Providing Security Services During Power Management Mode
US9239925B2 (en) 2010-02-12 2016-01-19 Nvidia Technology Uk Limited Processor security
US8782434B1 (en) 2010-07-15 2014-07-15 The Research Foundation For The State University Of New York System and method for validating program execution at run-time
US20120163589A1 (en) 2010-12-22 2012-06-28 Johnson Simon P System and method for implementing a trusted dynamic launch and trusted platform module (tpm) using secure enclaves
US20120210115A1 (en) 2011-02-11 2012-08-16 Park Dong-Jin Secure Boot Method and Method for Generating a Secure Boot Image
US20120255014A1 (en) 2011-03-29 2012-10-04 Mcafee, Inc. System and method for below-operating system repair of related malware-infected threads and resources
US20120255012A1 (en) 2011-03-29 2012-10-04 Mcafee, Inc. System and method for below-operating system regulation and control of self-modifying code
US9432298B1 (en) 2011-12-09 2016-08-30 P4tents1, LLC System, method, and computer program product for improving memory systems
US20130166975A1 (en) 2011-12-23 2013-06-27 Electronics And Telecommunications Research Institute Apparatus for protecting against external attack for processor based on arm core and method using the same
US20130254906A1 (en) 2012-03-22 2013-09-26 Cavium, Inc. Hardware and Software Association and Authentication
US20130312099A1 (en) 2012-05-21 2013-11-21 Mcafee, Inc. Realtime Kernel Object Table and Type Protection
US9158628B2 (en) 2013-11-27 2015-10-13 American Megatrends, Inc. Bios failover update with service processor having direct serial peripheral interface (SPI) access
US10303880B2 (en) 2014-07-24 2019-05-28 Nuvoton Technology Corporation Security device having indirect access to external non-volatile memory
US20190236276A1 (en) 2014-07-24 2019-08-01 Nuvoton Technology Corporation Secured master-mediated transactions between slave devices using bus monitoring
US20160188909A1 (en) 2014-12-31 2016-06-30 Google Inc. Trusted computing
US20170364700A1 (en) 2015-06-02 2017-12-21 ALTR Solutions, Inc. Immutable logging of access requests to distributed file systems
US10095891B2 (en) 2015-06-08 2018-10-09 Nuvoton Technology Corporation Secure access to peripheral devices over a bus
US20190236281A1 (en) 2015-06-08 2019-08-01 Nuvoton Technology Corporation Secure system boot monitor
US10452582B2 (en) 2015-06-08 2019-10-22 Nuvoton Technology Corporation Secure access to peripheral devices over a bus
US20180365974A1 (en) 2017-06-14 2018-12-20 Allegro Microsystems, Llc Sensor Integrated Circuits and Methods for Safety Critical Applications
US20190236278A1 (en) 2018-01-30 2019-08-01 Dell Products L.P. Modifiable policy action secure boot violation system

Non-Patent Citations (16)

* Cited by examiner, † Cited by third party
Title
National Institute of Standards and Technology, "Implementation Guidance for FIPS 140-2 and the Cryptographic Module Validation Program", pp. 1-252, Mar. 28, 2003.
National Institute of Standards and Technology, "Secure Hash Standard (SHS)", FIPS PUB 180-4, pp. 1-36, Aug. 2015.
National Institute of Standards and Technology, "Security Requirements for Cryptographic Modules", FIPS PUB 140-2, pp. 1-69, May 25, 2001.
National Institute of Standards and Technology, "The Keyed-Hash Message Authentication Code (HMAC)", FIPS PUB 198-1, pp. 1-13, Jul. 2008.
NXP Semiconductors, "UM10204—I2C-bus specification and user manual", Revision 6, pp. 1-64, Apr. 4, 2014.
TCG PC Client Specific Implementation Specification for Conventional BIOS, Specification Version 1.21 Errata, Revision 1.00, pp. 1-151, Feb. 24, 2012.
TCG PC Client Specific TPM Interface Specification (TIS), Specification Version 1.3, pp. 1-112, Mar. 21, 2013.
TCG Software Stack (TSS) Specification Version 1.2, Level 1, Errata A, Part 1: Commands and Structures, pp. 1-757, Mar. 7, 2007.
TPM Main Specification, "Part 1—Design Principles", version 1.2, Revision 116, pp. 1-184, Mar. 1, 2011.
TPM Main Specification, "Part 2—Structures", version 1.2, Level 2, Revision 116, pp. 1-201, Mar. 1, 2011.
TPM Main Specification, "Part 3—Commands", version 1.2, Level 2, Revision 116, pp. 1-339, Mar. 1, 2011.
U.S. Appl. No. 16/377,212 office action dated Oct. 18, 2019.
U.S. Appl. No. 16/568,299 office action dated Apr. 29, 2020.
U.S. Appl. No. 16/907,248 Office Action dated Jun. 30, 2022.
Unified EFI Forum, Inc., "Unified Extensible Firmware Interface (UEFI) Specification", version 2.7, errata A, pp. 1-75 (chapter 8.2—pp. 237-259, chapter 23.1—pp. 1001-1016, chapter 31—pp. 1697-1730), Aug. 2017.
Winbond-Spiflash, "3V 256M-BIT, Serial Flash Memory With Dual/Quad SPI & QPI", pp. 1-104, Nov. 13, 2015.

Also Published As

Publication number Publication date
JP7112449B2 (en) 2022-08-03
TW202109327A (en) 2021-03-01
US20210049258A1 (en) 2021-02-18
TWI775041B (en) 2022-08-21
JP2021034011A (en) 2021-03-01
CN112395587A (en) 2021-02-23

Similar Documents

Publication Publication Date Title
US7401234B2 (en) Autonomous memory checker for runtime security assurance and method therefore
US20080250406A1 (en) Virtual Machine Support for Metered Computer Usage
US9734339B2 (en) Retrieving system boot code from a non-volatile memory
US11194586B2 (en) Secure boot override in a computing device equipped with unified-extensible firmware interface (UEFI)-compliant firmware
JP5335634B2 (en) Computer that protects the privilege level of system administration mode
US9990255B2 (en) Repairing compromised system data in a non-volatile memory
US20050132177A1 (en) Detecting modifications made to code placed in memory by the POST BIOS
WO2006086302A1 (en) Method and system for validating a computer system
US9367327B2 (en) Method to ensure platform silicon configuration integrity
EP3485416B1 (en) Bios security
US8843742B2 (en) Hypervisor security using SMM
US8838952B2 (en) Information processing apparatus with secure boot capability capable of verification of configuration change
US11188321B2 (en) Processing device and software execution control method
US20210192050A1 (en) System validation by hardware root of trust (hrot) device and system management mode (smm)
TW202044022A (en) Update signals
WO2021087417A1 (en) Alert handling
US11436315B2 (en) Forced self authentication
US8661177B2 (en) Method and apparatus for controlling system interrupts
CN112307481B (en) System trusted starting method, electronic equipment and computer readable storage medium
US11972033B2 (en) Alert handling
US20170017794A1 (en) Method and device for protecting a computing apparatus against manipulation
Yadav SECURE BOOTLOADER IN EMBEDDED SYSTEM USING MISRA-C
Zhenliu et al. An Efficient Trustworthy Protected-Ring Model for UEFI Firmware
Zhou et al. An Efficient Trustworthy Protected-Ring Model for UEFI Firmware

Legal Events

Date Code Title Description
FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

AS Assignment

Owner name: NUVOTON TECHNOLOGY CORPORATION, TAIWAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:KIRSCHNER, YUVAL;REEL/FRAME:050078/0044

Effective date: 20190814

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STPP Information on status: patent application and granting procedure in general

Free format text: AWAITING TC RESP., ISSUE FEE NOT PAID

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED

STCF Information on status: patent grant

Free format text: PATENTED CASE